Cybersecurity


TikTok CEO to boast data security efforts in Congress testimony

2023-03-22T16:55:00+00:00

The fate of popular social media app TikTok in the United States could hinge on the testimony of CEO Shou Zi Chew before the House Committee on Energy and Commerce.

CISA pilot program seeks to bolster ransomware preparedness

2023-03-15T19:54:00+00:00

The Cybersecurity and Infrastructure Security Agency announced a pilot program designed to help critical infrastructure entities vulnerable to cyberattacks mitigate a ransomware incident before it occurs.

SEC proposes Reg S-P updates on incident response, breach notifications

2023-03-15T17:45:00+00:00

The Securities and Exchange Commission proposed amendments to its regulation requiring broker-dealers, investment companies, and registered investment advisers to establish policies and procedures to safeguard customer records and information.

Web hosting company fined in DOJ cyber fraud case

2023-03-15T15:38:00+00:00

Web hosting company Jelly Bean Communications Design and its manager agreed to pay $293,771 in the latest Department of Justice case holding government contractors accountable for poor cybersecurity practices.

SEC orders Blackbaud to pay $3M for misleading ransomware disclosures

2023-03-10T19:32:00+00:00

Software company Blackbaud agreed to pay $3 million to the Securities and Exchange Commission to settle claims it violated securities law by failing to disclose the true scope of a ransomware attack that affected 13,000 users.

HHS creates new enforcement office for health privacy

2023-02-28T20:20:00+00:00

The Department of Health and Human Services and its office responsible for enforcing health privacy reorganized so it can sharpen enforcement of cybersecurity and data breaches.

Congress or FTC? What about SEC? Where U.S. federal privacy legislation efforts stand in 2023

2023-02-28T14:00:00+00:00

As more state laws hit the books, businesses are more adamant than ever Congress needs to pass a federal data privacy law. If lawmakers don’t rise to the occasion, which government agency might?

Cloud ‘not a silver bullet’ for security

2023-02-24T21:33:00+00:00

A panel of cyber experts and a chief compliance officer in financial services discussed the business risks, threat vectors, and vendor ‘gotchas’ associated with transitioning to a cloud provider at CW’s virtual Cyber Risk & Data Privacy Summit.

‘This is where we are now’: Cyber environment calls for continuous monitoring

2023-02-24T20:10:00+00:00

Securing your organization’s private data when vendors have access to it means managing relationships from beginning to end, panelists at CW’s virtual Cyber Risk and Data Privacy Summit agreed.

Lessons in cybersecurity: Control the breach narrative

2023-02-23T18:36:00+00:00

Recent botched data breach responses at Activision Blizzard and GoDaddy prompt timely consideration of communication best practices shared by cybersecurity experts at CW’s virtual Cyber Risk & Data Privacy Summit.

ChatGPT comes with compliance caveats, experts warn

2023-02-23T17:10:00+00:00

There are downsides to every new technology, and artificial intelligence and machine learning are no exception. Experts discussed the importance for compliance professionals to understand the risks of such tools at CW’s virtual Cyber Risk & Data Privacy Summit.

HHS reports: Compliance reviews, health data breaches up

2023-02-21T22:18:00+00:00

The number of compliance reviews by the Department of Health and Human Services of health organizations increased between 2017 and 2021, according to the agency’s latest reports to Congress.

Cybersecurity pillars: Prevention, protection, mitigation, governance

2023-02-21T19:27:00+00:00

The former superintendent of the New York State Department of Financial Services explained how the structure of a cybersecurity program is like a compliance program and can be divided into four buckets during a panel discussion at CW’s Cyber Risk & Data Privacy Summit.

CISA strategist: What is an SBOM and why it matters to compliance

2023-02-15T21:02:00+00:00

Cyberattacks on software are increasing, and the best chance organizations have of protecting themselves is to know about potential vulnerabilities through a software bill of materials, CISA Strategist Allan Friedman shared at CW’s virtual Cyber Risk & Data Privacy Summit.

CPPA seeking comment on cybersecurity audit, risk assessment rule adds

2023-02-13T19:00:00+00:00

The California Privacy Protection Agency is seeking comment on privacy rules requiring certain large businesses to conduct annual cybersecurity audits and risk assessments if the state believes they are placing consumer data at risk.

Survey: Cybersecurity, regulatory risks lead TPRM priorities in 2023

2023-02-10T14:00:00+00:00

Respondents to a survey from Compliance Week and Dun & Bradstreet overwhelmingly indicated cybersecurity to be the most important compliance-related area affecting third-party risk management in the new year, though fraud and other risks should still be on their radar.

SEC exam report highlights Marketing Rule, Reg BI, private fund advisers

2023-02-08T21:13:00+00:00

The Securities and Exchange Commission’s 2023 examination priorities report laid out areas under the microscope this year, including compliance with the agency’s Marketing Rule and Regulation Best Interest.

Treasury report flags benefits, drawbacks to use of cloud services

2023-02-08T20:48:00+00:00

The Treasury Department issued a report regarding the benefits and challenges associated with the use of cloud service providers by financial sector firms, finding shortcomings related to transparency, staff support, and cybersecurity incident response.

Banner Health to pay $1.25M over HIPAA Security Rule lapses

2023-02-08T18:58:00+00:00

Banner Health agreed to pay $1.25 million as part of a settlement with the Department of Health and Human Services addressing violations of the Health Insurance Portability and Accountability Act Security Rule regarding a 2016 data breach.

Cybersecurity challenges: Defense and disclosure

2023-02-07T17:52:00+00:00

Experts share perspectives regarding the criticality of cybersecurity risks, what the response of management and boards should be, and how proposed disclosure requirements need to be incorporated into cyber-related responsibilities.

Study: Healthcare overtakes finance as most breached industry in 2022

2023-01-31T21:06:00+00:00

Healthcare organizations were under attack more than ever by cybercriminals in 2022, overtaking finance as the most breached industry, according to the latest analysis from Kroll.

Report: Audit committees bracing for increased role in ESG, ERM, cyber

2023-01-24T21:07:00+00:00

A new report from the Center for Audit Quality and Deloitte found corporate boards are taking a fresh look at their audit committee structures and practices to respond to emerging corporate reporting areas and increased risks.

FCC probing T-Mobile after latest cyber incident affects 37M

2023-01-20T16:39:00+00:00

The Federal Communications Commission launched an investigation into T-Mobile after the telecommunications giant disclosed it suffered yet another significant cybersecurity lapse exposing customer information.

Covington to contest SEC court request for breached client data

2023-01-19T13:44:00+00:00

The Securities and Exchange Commission asked a federal court to force Covington & Burling to comply with a subpoena seeking to have the law firm turn over the names of about 300 clients impacted by a 2020 cyberattack.

Drizly data security to be monitored for 20 years under FTC order

2023-01-11T20:38:00+00:00

Online alcohol retailer Drizly and its chief executive officer agreed to data security requirements and to be assessed by an independent monitor for up to 20 years as part of a final settlement with the Federal Trade Commission over a data breach that impacted 2.5 million consumers.

FINRA focuses on financial crime in annual exam report

2023-01-11T16:18:00+00:00

The Financial Industry Regulatory Authority’s annual report on examinations and risk monitoring indicated a new emphasis for the regulator on combating financial crime, particularly cybercrime.

Coinbase to pay $100M after NYDFS probe into compliance lapses

2023-01-04T19:46:00+00:00

Cryptocurrency exchange Coinbase agreed to pay $100 million as part of a settlement with the New York State Department of Financial Services for compliance failures that opened the door for criminals to carry out illegal activity through the platform.

Irish DPC probing Twitter over breach affecting 5.4M users

2022-12-28T18:26:00+00:00

The Irish Data Protection Commission is investigating whether Twitter violated the European Union’s General Data Protection Regulation regarding a data breach alleged to have affected 5.4 million users.

Abanca fined $3.3M for missing 2-hour breach reporting deadline

2022-12-19T18:25:00+00:00

The European Central Bank fined Spanish bank Abanca €3.145 million (U.S. $3.3 million) after it “knowingly failed” to report a major cyber breach within the prescribed two-hour time limit.

Webcast: Continuous compliance monitoring in cyber risk management

2022-12-15T14:00:00+00:00 Provided by

The concept of continuous compliance monitoring in the cyber risk management world has been around for more than two decades, yet most organizations are either ignoring or struggling to put an effective and affordable plan into place.

ESG oversight highlighted in annual audit committee transparency report

2022-12-13T19:32:00+00:00

Public companies continue to increase the overall level of audit committee disclosures in proxy statements, though there is room to improve quality by providing more tailored disclosures and transparency, according to the latest annual report.

DOJ official addresses liability concerns stemming from Uber CSO case

2022-12-12T20:05:00+00:00

Principal Associate Deputy Attorney General Marshall Miller called the conviction of a former Uber Technologies chief security officer on obstruction charges an “outlier” that should not discourage compliance officers from self-reporting violations.

Loaded SEC agenda to carry into 2023

2022-12-08T13:00:00+00:00

The Securities and Exchange Commission is expected to see through its controversial policy proposals from 2022, though the newly Republican-led House could slow the agency’s momentum.

CFTC commissioner stresses ‘urgency’ in call for heightened crypto oversight

2022-12-01T19:42:00+00:00

Christy Goldsmith Romero, a commissioner at the Commodity Futures Trading Commission, is lobbying the regulator to use its existing authority to conduct “heightened supervision” over derivative exchanges to create more oversight in crypto markets.

Meta fined $274M under GDPR for data scraping breach

2022-11-28T20:32:00+00:00

Meta Platforms Ireland was fined €265 million (U.S. $274 million) for failing to put in place adequate measures to protect users’ data after a leak compromised the personal details of more than half a billion individuals.

April 4 | Cyber risk management through an economic lens

2022-11-20T17:00:00+00:00 Provided by

How can you build a mature cyber resilience program within your business with a critical lack of technical know-how, significant budget constraints, and little to no monitoring of third-party risks?

Discord fined $830K for GDPR lapses

2022-11-18T17:05:00+00:00

Discord, a popular communication service primarily utilized by the video game community, was assessed a fine of €800,000 (U.S. $829,000) by the French data protection authority for multiple violations of the General Data Protection Regulation related to safeguarding user data.

Cybersecurity staffing woes play part in FTC Safeguards Rule delays

2022-11-17T17:05:00+00:00

The Federal Trade Commission extended the deadline for compliance with certain changes to its Safeguards Rule announced last year, in part because of labor shortages in the cybersecurity market.

Australia privacy law proposal sets steep penalty mark for breaches

2022-11-14T19:27:00+00:00

The Australian government is weighing stringent new privacy reforms that would establish among the steepest penalty regimes in the world—up to AUD$50 million (U.S. $33.5 million)—for serious or repeated breaches.

SolarWinds under SEC probe for handling of 2020 cyberattack

2022-11-04T18:43:00+00:00

SolarWinds revealed the Securities and Exchange Commission is examining cybersecurity disclosures and public statements the company and its executives made after its massive 2020 data breach caused by hackers backed by the Russian government.

FinCEN: U.S. banks paid $1.2B to ransomware criminals last year

2022-11-02T15:25:00+00:00

Banks reported paying a record $1.2 billion to ransomware criminals in 2021, the Financial Crimes Enforcement Network announced.

Chegg avoids fine in deal with FTC over cybersecurity lapses

2022-10-31T17:25:00+00:00

The Federal Trade Commission ordered education technology provider Chegg to fix problems and weaknesses with its cybersecurity program that led to the exposure of personal and financial data of 40 million customers and employees in four data breaches since 2017.

CPE Webcast: Need to know about D&O and cyber insurance coverage

2022-10-27T14:00:00+01:00 Provided by

Your company spends substantial sums to purchase directors and officers insurance and cyber insurance. But are you taking reasonable steps to make sure your company has the best protection available in a changing marketplace?

FTC places restrictions on CEO in Drizly enforcement proposal

2022-10-24T21:13:00+01:00

The Federal Trade Commission announced a tentative settlement with online alcohol delivery platform Drizly and its chief executive officer regarding a data breach affecting 2.5 million consumers and the alleged lax security that allowed it to happen.

ICO warns of ‘complacency’ in fining Interserve $5M under GDPR

2022-10-24T14:29:00+01:00

The U.K. Information Commissioner warned companies not to ignore “crucial measures” to prevent cyber incidents following his office’s decision to fine construction firm Interserve £4.4 million (U.S. $5 million) for failing to secure employee personal information.

Uber CSO ruling fallout: Individual liability extends to data breach response

2022-10-20T15:07:00+01:00

The case of the Uber chief security officer found guilty by a jury on two felonies for covering up a data breach and misleading federal regulators opens up another potential individual liability issue executives handling cyber incidents face, according to legal experts.

EyeMed fined $4.5M over cybersecurity lapses that led to breach

2022-10-19T14:53:00+01:00

EyeMed Vision Care agreed to pay $4.5 million as part of a settlement with the New York State Department of Financial Services for cybersecurity control failures that helped enable a 2020 data breach.

Fashion retailer Zoetop to pay $1.9M over data breach response

2022-10-17T17:37:00+01:00

Zoetop, parent company to online clothing retailers SHEIN and ROMWE, agreed to pay $1.9 million as part of a settlement with the New York Attorney General’s Office for failing to properly protect customer information compromised during a 2018 data breach.

Cyber risk management lessons from Optus data breach

2022-10-11T19:05:00+01:00

The Optus data breach should serve as a reminder for all organizations that cybersecurity incidents are serious business risks that are costly to make right.

SEC to reopen comment on climate-related disclosure rule, data breach reporting after glitch

2022-10-07T20:48:00+01:00

The Securities and Exchange Commission will reopen comment periods on 11 rulemaking releases put forward over the past year, including proposals regarding climate-related disclosures and reporting cybersecurity breaches, because of a glitch in its online comment system.